/// <summary>
/// 用户的所有可授权范围(有授权权限的权限列表)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限域编号</param>
/// <returns>数据表</returns>
public DataTable GetPermissionDTByPermission(BaseUserInfo userInfo, string userId, string permissionCode)
{
var dt = new DataTable(BaseModuleEntity.CurrentTableName);
var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
{
var permissionId = new BaseModuleManager().GetIdByCodeByCache(userInfo.SystemCode, permissionCode);
// 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项
if (string.IsNullOrEmpty(permissionId) && permissionCode.Equals("Resource.ManagePermission"))
{
var permissionEntity = new BaseModuleEntity
{
Code = "Resource.ManagePermission",
Name = "资源管理范围权限(系统默认)",
IsScope = 1,
Enabled = 1,
AllowDelete = 0
};
permissionEntity.AllowDelete = 0;
new BaseModuleManager(userInfo).AddEntity(permissionEntity);
}
dt = new BaseModuleManager().GetDataTableByUser(userInfo.SystemCode, userId, permissionCode);
dt.TableName = BaseModuleEntity.CurrentTableName;
});
return(dt);
}
/// <summary>
/// 组织机构上级节点
/// </summary>
/// <param name="systemCode">系统编码</param>
/// <param name="organizationParentId">组织机构上级主键</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>数据表</returns>
public DataTable GetUserOrganizationScopes(string systemCode, string organizationParentId, string userId, string permissionCode = "Resource.AccessPermission")
{
DataTable result = null;
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
if (!string.IsNullOrEmpty(permissionId))
{
var tableName = UserInfo.SystemCode + "PermissionScope";
var sql = @"SELECT BaseOrganization.Id AS OrganizationId
, BaseOrganization.Name
, BaseOrganization.ContainChildNodes
, BasePermissionScope.TargetId
, BasePermissionScope.ContainChild
FROM BaseOrganization
LEFT OUTER JOIN BasePermissionScope ON BaseOrganization.Id = BasePermissionScope.TargetId
AND BasePermissionScope.TargetCategory = 'BaseOrganization'
AND BasePermissionScope.ResourceCategory = 'BaseUser'
AND BasePermissionScope.ResourceId = '" + userId + @"'
AND BasePermissionScope.PermissionId = " + permissionId;
if (!string.IsNullOrEmpty(organizationParentId))
{
sql += " WHERE BaseOrganization.ParentId = " + organizationParentId;
}
else
{
sql += " WHERE BaseOrganization.ParentId = 0 ";
}
sql = sql.Replace("BasePermissionScope", tableName);
result = DbHelper.Fill(sql);
}
return(result);
}
/// <summary>
/// 设置组织范围
/// </summary>
/// <param name="systemCode">系统编码</param>
/// <param name="userId"></param>
/// <param name="permissionScope"></param>
/// <param name="permissionCode">权限编码</param>
/// <param name="containChild"></param>
/// <returns></returns>
public string SetUserOrganizationScope(string systemCode, string userId, PermissionOrganizationScope permissionScope, string permissionCode = "Resource.AccessPermission", bool containChild = false)
{
var result = string.Empty;
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
if (!string.IsNullOrEmpty(permissionId))
{
var tableName = BaseOrganizationScopeEntity.CurrentTableName;
if (!string.IsNullOrEmpty(systemCode))
{
tableName = systemCode + "OrganizationScope";
}
var organizationScopeManager = new BaseOrganizationScopeManager(DbHelper, UserInfo, tableName);
var parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(BaseOrganizationScopeEntity.FieldResourceCategory, BaseUserEntity.CurrentTableName),
new KeyValuePair <string, object>(BaseOrganizationScopeEntity.FieldResourceId, userId),
new KeyValuePair <string, object>(BaseOrganizationScopeEntity.FieldPermissionId, permissionId)
};
result = organizationScopeManager.GetId(parameters);
BaseOrganizationScopeEntity organizationScopeEntity = null;
if (string.IsNullOrEmpty(result))
{
organizationScopeEntity = new BaseOrganizationScopeEntity();
}
else
{
organizationScopeEntity = organizationScopeManager.GetEntity(result);
}
organizationScopeEntity.AllData = (permissionScope == PermissionOrganizationScope.AllData ? 1 : 0);
organizationScopeEntity.Province = (permissionScope == PermissionOrganizationScope.Province ? 1 : 0);
organizationScopeEntity.City = (permissionScope == PermissionOrganizationScope.City ? 1 : 0);
organizationScopeEntity.District = (permissionScope == PermissionOrganizationScope.District ? 1 : 0);
organizationScopeEntity.UserCompany = (permissionScope == PermissionOrganizationScope.UserCompany ? 1 : 0);
organizationScopeEntity.UserSubCompany = (permissionScope == PermissionOrganizationScope.UserSubCompany ? 1 : 0);
organizationScopeEntity.UserDepartment = (permissionScope == PermissionOrganizationScope.UserDepartment ? 1 : 0);
organizationScopeEntity.UserSubDepartment = (permissionScope == PermissionOrganizationScope.UserSubDepartment ? 1 : 0);
organizationScopeEntity.UserWorkgroup = (permissionScope == PermissionOrganizationScope.UserWorkgroup ? 1 : 0);
organizationScopeEntity.OnlyOwnData = (permissionScope == PermissionOrganizationScope.OnlyOwnData ? 1 : 0);
organizationScopeEntity.ByDetails = (permissionScope == PermissionOrganizationScope.ByDetails ? 1 : 0);
organizationScopeEntity.NotAllowed = (permissionScope == PermissionOrganizationScope.NotAllowed ? 1 : 0);
organizationScopeEntity.Enabled = 1;
organizationScopeEntity.Deleted = 0;
organizationScopeEntity.ContainChild = containChild ? 1 : 0;
organizationScopeEntity.PermissionId = int.Parse(permissionId);
organizationScopeEntity.ResourceCategory = BaseUserEntity.CurrentTableName;
organizationScopeEntity.ResourceId = userId.ToString();
if (string.IsNullOrEmpty(result))
{
result = organizationScopeManager.Add(organizationScopeEntity);
}
else
{
organizationScopeManager.Update(organizationScopeEntity);
}
}
return(result);
}
/// <summary>
/// 获得有某个权限的所有用户主键
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="permissionCode">操作权限编号</param>
/// <returns>用户主键数组</returns>
public string[] GetUserIds(string systemCode, string permissionCode)
{
// 若不存在就需要自动能增加一个操作权限项
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
return(GetUserIdsByPermissionId(systemCode, permissionId));
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string systemCode, string userId, string permissionCode)
{
if (String.IsNullOrEmpty(systemCode))
{
return(false);
}
if (String.IsNullOrEmpty(userId))
{
return(false);
}
string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionId))
{
return(false);
}
this.CurrentTableName = systemCode + "Permission";
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldDeletionStateCode, 0));
//宋彪注:permisssionId先没加上
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldPermissionId, permissionId));
return(this.Exists(parameters));
}
/// <summary>
/// 组织机构上级节点
/// </summary>
/// <param name="organizeParentId">组织机构上级主键</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>数据表</returns>
public DataTable GetUserOrganizeScopes(string systemCode, string organizeParentId, string userId, string permissionCode = "Resource.AccessPermission")
{
DataTable result = null;
string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
if (!string.IsNullOrEmpty(permissionId))
{
string tableName = this.UserInfo.SystemCode + "PermissionScope";
string sqlQuery = @"SELECT BaseOrganize.Id AS OrganizeId
, BaseOrganize.FullName
, BaseOrganize.ContainChildNodes
, BasePermissionScope.TargetId
, BasePermissionScope.ContainChild
FROM BaseOrganize
LEFT OUTER JOIN BasePermissionScope ON BaseOrganize.Id = BasePermissionScope.TargetId
AND BasePermissionScope.TargetCategory = 'BaseOrganize'
AND BasePermissionScope.ResourceCategory = 'BaseUser'
AND BasePermissionScope.ResourceId = '" + userId + @"'
AND BasePermissionScope.PermissionId = " + permissionId;
if (!string.IsNullOrEmpty(organizeParentId))
{
sqlQuery += " WHERE BaseOrganize.ParentId = " + organizeParentId;
}
else
{
sqlQuery += " WHERE BaseOrganize.ParentId IS NULL ";
}
sqlQuery = sqlQuery.Replace("BasePermissionScope", tableName);
result = this.DbHelper.Fill(sqlQuery);
}
return(result);
}
//
// 撤销权限的实现部分
//
#region private int Revoke(BasePermissionManager permissionManager, string systemCode, string organizeId, string result) 为了提高撤销的运行速度
/// <summary>
/// 为了提高撤销的运行速度
/// </summary>
/// <param name="permissionManager">资源权限读写器</param>
/// <param name="organizeId">组织机构主键</param>
/// <param name="result">权限主键</param>
/// <returns>影响行数</returns>
private int Revoke(BasePermissionManager permissionManager, string systemCode, string organizeId, string permissionId)
{
int result = 0;
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseOrganizeEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, organizeId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldPermissionId, permissionId));
result = permissionManager.Delete(parameters);
// 2015-09-21 吉日嘎拉 这里增加变更日志
string tableName = systemCode + ".Permission.Organize";
SQLBuilder sqlBuilder = new SQLBuilder(this.DbHelper);
sqlBuilder.BeginInsert(BaseModifyRecordEntity.TableName);
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldTableCode, tableName);
sqlBuilder.SetFormula(BaseModifyRecordEntity.FieldId, "SEQ_" + BaseModifyRecordEntity.TableName + ".NEXTVAL");
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldRecordKey, organizeId);
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldColumnCode, permissionId);
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldColumnDescription, BaseModuleManager.GetNameByCache(systemCode, permissionId));
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldOldValue, "1");
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldNewValue, "撤销授权");
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldCreateUserId, this.UserInfo.Id);
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldCreateBy, this.UserInfo.RealName);
sqlBuilder.SetDBNow(BaseModifyRecordEntity.FieldCreateOn);
sqlBuilder.SetValue(BaseModifyRecordEntity.FieldIPAddress, this.UserInfo.IPAddress);
sqlBuilder.EndInsert();
return(result);
}
/// <summary>
/// 缓存预热,强制重新缓存
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <returns>影响行数</returns>
public static int CachePreheating(string systemCode)
{
var result = 0;
// 把所有的组织机构都缓存起来的代码
var manager = new BaseModuleManager
{
CurrentTableName = systemCode + "Module"
};
var dataReader = manager.ExecuteReader();
if (dataReader != null && !dataReader.IsClosed)
{
while (dataReader.Read())
{
var entity = BaseEntity.Create <BaseModuleEntity>(dataReader, false);
if (entity != null)
{
SetCache(systemCode, entity);
result++;
System.Console.WriteLine(result + " : " + entity.Code);
}
}
dataReader.Close();
}
return(result);
}
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
BasePermissionScopeEntity entity = null;
string permissionId = string.Empty;
permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
// 1:先获取是否有这样的主键,若有进行更新操作。
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
var dt = manager.GetDataTable(parameters);
if (dt.Rows.Count > 0)
{
entity = BaseEntity.Create <BasePermissionScopeEntity>(dt);
}
return(entity);
}
/// <summary>
/// 获取模块菜单表,从缓存读取
/// 没有缓存也可以用的。
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="refreshCache">是否刷新缓存</param>
/// <returns>菜单</returns>
public List <BaseModuleEntity> GetEntitiesByCache(string systemCode = "Base", bool refreshCache = false)
{
List <BaseModuleEntity> result = null;
var tableName = systemCode + "Module";
var cacheKey = "List." + systemCode + ".Module";
//var cacheTime = default(TimeSpan);
var cacheTime = TimeSpan.FromMilliseconds(86400000);
result = CacheUtil.Cache <List <BaseModuleEntity> >(cacheKey, () =>
{
var moduleManager = new BaseModuleManager(DbHelper, UserInfo, tableName);
// 读取目标表中的数据
var parametersWhere = new List <KeyValuePair <string, object> >
{
//有效的菜单
new KeyValuePair <string, object>(BaseModuleEntity.FieldEnabled, 1),
//没被删除的菜单
new KeyValuePair <string, object>(BaseModuleEntity.FieldDeleted, 0)
};
// parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldIsVisible, 1));
CurrentTableName = tableName;
return(moduleManager.GetList <BaseModuleEntity>(parametersWhere, BaseModuleEntity.FieldSortCode));
}, true, refreshCache, cacheTime);
return(result);
}
/// <summary>
/// GetPermissionScopeResourceIds
/// </summary>
/// <param name="userInfo">用户信息</param>
/// <param name="resourceCategory"></param>
/// <param name="targetId"></param>
/// <param name="targetResourceCategory"></param>
/// <param name="permissionCode">权限编码</param>
/// <returns></returns>
public string[] GetPermissionScopeResourceIds(BaseUserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionCode)
{
string[] result = null;
var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
{
var permissionId = new BaseModuleManager().GetIdByCodeByCache(userInfo.SystemCode, permissionCode);
var parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, targetId),
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetResourceCategory),
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeleted, 0)
};
var tableName = userInfo.SystemCode + "PermissionScope";
result = DbUtil.GetProperties(dbHelper, tableName, parameters, 0, BasePermissionScopeEntity.FieldResourceId);
});
return(result);
}
//
// 授予授权范围的实现部分
//
#region private string GrantUser(BasePermissionScopeManager manager, string userId, string grantUserId, string permissionCode) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="manager">权限域读写器</param>
/// <param name="userId">用户主键</param>
/// <param name="grantUserId">权限主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>主键</returns>
private string GrantUser(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantUserId, string permissionCode)
{
string result = string.Empty;
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, grantUserId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode)));
if (!this.Exists(parameters))
{
BasePermissionScopeEntity resourcePermissionScopeEntity = new BasePermissionScopeEntity();
resourcePermissionScopeEntity.PermissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
resourcePermissionScopeEntity.ResourceCategory = BaseUserEntity.TableName;
resourcePermissionScopeEntity.ResourceId = userId;
resourcePermissionScopeEntity.TargetCategory = BaseUserEntity.TableName;
resourcePermissionScopeEntity.TargetId = grantUserId;
resourcePermissionScopeEntity.Enabled = 1;
resourcePermissionScopeEntity.DeletionStateCode = 0;
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
return(result);
}
//
// 授予授权范围的实现部分
//
#region private string GrantRole(BasePermissionScopeManager manager, string id, string userId, string grantRoleId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="manager">权限范围管理器</param>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="grantRoleId">权限主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>主键</returns>
private string GrantRole(BasePermissionScopeManager manager, string systemCode, string userId, string grantRoleId, string permissionCode)
{
var result = string.Empty;
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
if (!string.IsNullOrEmpty(permissionId))
{
// 对应哪个角色
var roleTableName = systemCode + "Role";
var entity = new BasePermissionScopeEntity
{
PermissionId = permissionId.ToInt(),
ResourceCategory = BaseUserEntity.CurrentTableName,
ResourceId = userId.ToInt(),
TargetCategory = roleTableName,
TargetId = grantRoleId.ToInt(),
Enabled = 1,
Deleted = 0
};
result = manager.Add(entity, true, false);
}
return(result);
}
/// <summary>
/// 获取菜单模块树型列表
/// </summary>
/// <param name="systemCode">子系统</param>
/// <param name="isMenu">是否菜单(0/1)</param>
public DataTable GetModuleTree(string systemCode, string isMenu = null)
{
if (string.IsNullOrEmpty(systemCode))
{
systemCode = "Base";
}
//读取选定子系统的菜单模块
var manager = new BaseModuleManager(UserInfo, systemCode + "Module");
// 获取所有数据
var parameters = new List <KeyValuePair <string, object> >();
if (ValidateUtil.IsInt(isMenu))
{
parameters.Add(new KeyValuePair <string, object>(BaseModuleEntity.FieldIsMenu, isMenu));
}
parameters.Add(new KeyValuePair <string, object>(BaseModuleEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BaseModuleEntity.FieldDeleted, 0));
//2017.12.20增加默认的HttpRuntime.Cache缓存
var cacheKey = "DataTable." + systemCode + ".ModuleTree." + isMenu;
//var cacheTime = default(TimeSpan);
var cacheTime = TimeSpan.FromMilliseconds(86400000);
return(CacheUtil.Cache <DataTable>(cacheKey, () => manager.GetModuleTree(manager.GetDataTable(parameters, BaseModuleEntity.FieldSortCode)), true, false, cacheTime));
//直接读取数据库
//return manager.GetModuleTree(manager.GetModuleTree(manager.GetDataTable(parameters, BaseModuleEntity.FieldSortCode)));
}
/// <summary>
/// 某个用户是否对某个模块Url有访问权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="moduleUrl">模块Url</param>
/// <returns>是否有权限</returns>
public bool IsUrlAuthorizedByUser(BaseUserInfo userInfo, string userId, string moduleUrl)
{
bool result = false;
var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
{
// 是否超级管理员
// 是超级管理员,就不用继续判断权限了
var userManager = new BaseUserManager(dbHelper, userInfo);
BaseUserEntity userEntity = userManager.GetObject(userId);
if (userEntity != null && !string.IsNullOrEmpty(userEntity.Id))
{
result = userManager.IsAdministrator(userId);
if (!result)
{
string tableName = userInfo.SystemCode + "Module";
var moduleManager = new BaseModuleManager(dbHelper, userInfo, tableName);
List <BaseModuleEntity> entityList = null;
// moduleManager.GetList(userId);
// 这里需要改进,只读到第一个就可以返回了,没必要全部列表都计算一边
int count = entityList.Count(entity => !string.IsNullOrEmpty(entity.NavigateUrl) &&
(entity.NavigateUrl.Equals(moduleUrl, StringComparison.OrdinalIgnoreCase) || moduleUrl.StartsWith(entity.NavigateUrl)));
result = count > 0;
}
}
});
return(result);
}
/// <summary>
/// 从缓存获取获取实体
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="code">编号</param>
/// <returns>权限实体</returns>
public static BaseModuleEntity GetObjectByCacheByCode(string systemCode, string code)
{
BaseModuleEntity result = null;
string cacheKey = systemCode + ".Module";
if (!string.IsNullOrEmpty(code))
{
cacheKey = systemCode + ".Module." + code;
}
result = GetCacheByKey(cacheKey);
if (result == null)
{
// 动态读取表中的数据
string tableName = systemCode + "Module";
BaseModuleManager manager = new BaseModuleManager(tableName);
result = manager.GetObjectByCode(code);
// 若是空的不用缓存,继续读取实体
if (result != null)
{
SetCache(systemCode, result);
}
}
return(result);
}
/// <summary>
/// 缓存预热,强制重新缓存
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <returns>影响行数</returns>
public static int CachePreheating(string systemCode)
{
int result = 0;
// 把所有的组织机构都缓存起来的代码
BaseModuleManager manager = new BaseModuleManager();
manager.CurrentTableName = systemCode + "Module";
using (IDataReader dataReader = manager.ExecuteReader())
{
while (dataReader.Read())
{
BaseModuleEntity entity = BaseEntity.Create <BaseModuleEntity>(dataReader, false);
if (entity != null)
{
BaseModuleManager.SetCache(systemCode, entity);
result++;
System.Console.WriteLine(result.ToString() + " : " + entity.Code);
}
}
dataReader.Close();
}
return(result);
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string systemCode, string userId, string permissionCode)
{
if (string.IsNullOrEmpty(systemCode))
{
return(false);
}
if (!ValidateUtil.IsInt(userId))
{
return(false);
}
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
// 没有找到相应的权限
if (string.IsNullOrEmpty(permissionId))
{
return(false);
}
CurrentTableName = systemCode + "Permission";
var parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.CurrentTableName),
new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId),
new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, 1),
new KeyValuePair <string, object>(BasePermissionEntity.FieldDeleted, 0),
//宋彪注:permisssionId先没加上
new KeyValuePair <string, object>(BasePermissionEntity.FieldPermissionId, permissionId)
};
return(Exists(parameters));
}
/// <summary>
/// 获得有某个权限的所有用户主键
/// </summary>
/// <param name="organizeId">组织机构主键</param>
/// <param name="permissionCode">操作权限编号</param>
/// <param name="permissionItemName">操作权限名称</param>
/// <returns>用户主键数组</returns>
public string[] GetUserIds(string systemCode, string organizeId, string permissionCode, string permissionName = null)
{
string permissionId = string.Empty;
// 若不存在就需要自动能增加一个操作权限项
permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
return(GetUserIdsByPermissionId(organizeId, permissionId));
}
public static int RefreshCache(string systemCode, string moduleId)
{
int result = 0;
// 2016-02-29 吉日嘎拉 强制刷新缓存
BaseModuleManager.GetObjectByCache(systemCode, moduleId, true);
return(result);
}
/// <summary>
/// 某个用户是否对某个模块有相应的权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="moduleCode">模块编号</param>
/// <returns>是否有权限</returns>
public bool IsModuleAuthorizedByUser(BaseUserInfo userInfo, string userId, string moduleCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
bool returnValue = false;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
// 是否超级管理员
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
if (userManager.IsAdministrator(userId))
{
return(true);
}
else
{
BaseModuleManager moduleManager = new BaseModuleManager(dbHelper, userInfo);
DataTable dataTable = moduleManager.GetDataTableByUser(userId);
foreach (DataRow dataRow in dataTable.Rows)
{
if (dataRow[BaseModuleEntity.FieldCode].ToString().Equals(moduleCode))
{
returnValue = true;
break;
}
}
}
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_IsModuleAuthorizedByUser, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
public new string GetIdByCode(string permissionCode)
{
string tableName = UserInfo.SystemCode + "Module";
BaseModuleManager moduleManager = new BaseModuleManager(dbHelper, UserInfo, tableName);
return(moduleManager.GetIdByCode(permissionCode));
//BasePermissionManager moduleManager = new BasePermissionManager(DbHelper);
//// 这里应该是若不存在就自动加一个操作权限
//return moduleManager.GetIdByAdd(permissionCode);
}
/// <summary>
/// 直接看用户本身是否有这个权限(不管角色是否有权限)
/// </summary>
/// <param name="systemCode">系统</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限主键</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string systemCode, string userId, string permissionCode)
{
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
// 没有找到相应的权限
if (string.IsNullOrEmpty(permissionId))
{
return(false);
}
return(CheckResourcePermission(systemCode, BaseUserEntity.CurrentTableName, userId.ToString(), permissionId));
}
/// <summary>
/// 获取用户的件约束表达式
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="tableName">表名</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string result = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);
BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
string[] roleIds = manager.GetRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return(result);
}
BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);
string permissionConstraint = string.Empty;
foreach (DataRow dr in dtPermissionScope.Rows)
{
permissionConstraint = dr[BasePermissionScopeEntity.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
result += " AND " + permissionConstraint;
}
}
if (!string.IsNullOrEmpty(result))
{
result = result.Substring(5);
// 解析替换约束表达式标准函数
result = ConstraintUtil.PrepareParameter(this.UserInfo, result);
}
return(result);
}
/// <summary>
/// 用户授予权限
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>影响行数</returns>
public int RevokeByPermissionCode(string systemCode, string userId, string permissionCode)
{
int result = 0;
string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
if (!String.IsNullOrEmpty(permissionId))
{
result = this.Revoke(systemCode, userId, permissionId);
}
return(result);
}
//
// 撤销授权范围的实现部分
//
#region private int RevokeRole(BasePermissionScopeManager manager, string userId, string revokeRoleId, string permissionCode) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="manager">权限域读写器</param>
/// <param name="userId">用户主键</param>
/// <param name="revokeRoleId">权限主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>主键</returns>
private int RevokeRole(BasePermissionScopeManager manager, string systemCode, string userId, string revokeRoleId, string permissionCode)
{
string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
string roleTableName = UserInfo.SystemCode + "Role";
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, roleTableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, revokeRoleId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));
return(manager.Delete(parameters));
}
/// <summary>
/// 用户授予权限
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
public string GrantByPermissionCode(string systemCode, string userId, string permissionCode)
{
string result = string.Empty;
string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
if (!String.IsNullOrEmpty(permissionId))
{
result = this.Grant(systemCode, userId, permissionId);
}
return(result);
}
/// <summary>
/// 用户授予权限
/// </summary>
/// <param name="systemCode">系统编号</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>影响行数</returns>
public int RevokeByPermissionCode(string systemCode, string userId, string permissionCode)
{
var result = 0;
var permissionId = new BaseModuleManager().GetIdByCodeByCache(systemCode, permissionCode);
if (!string.IsNullOrEmpty(permissionId))
{
result = RevokeUser(systemCode, userId, permissionId);
}
return(result);
}
//
// 从数据库获取权限
//
/// <summary>
/// 获取清单
/// </summary>
/// <param name="systemCode"></param>
/// <param name="userId"></param>
/// <param name="companyId"></param>
/// <param name="fromCache"></param>
/// <returns></returns>
public List <BaseModuleEntity> GetPermissionListByUser(string systemCode, string userId, string companyId = null, bool fromCache = false)
{
var result = new List <BaseModuleEntity>();
if (!ValidateUtil.IsInt(userId))
{
return(result);
}
var useBaseRole = false;
var key = "BaseModule";
var tableName = "BaseModule";
if (!string.IsNullOrWhiteSpace(systemCode))
{
key = systemCode + "Module";
tableName = systemCode + "Module";
// 2015-11-19 所有的系统都继承基础角色的权限
// 2022-01-04 Troy.Cui 停用集成基础角色
useBaseRole = false;
var isAdministrator = BaseUserManager.IsAdministrator(userId);
if (isAdministrator)
{
result = new BaseModuleManager().GetEntitiesByCache(systemCode);
}
else
{
string[] permissionIds = null;
permissionIds = GetPermissionIdsByUser(systemCode, userId, companyId: companyId, containPublic: false, useBaseRole: useBaseRole);
// 2016-03-02 吉日嘎拉,少读一次缓存服务器,减少缓存服务器读写压力
var entities = new BaseModuleManager().GetEntitiesByCache(systemCode);
// 若是以前赋予的权限,后来有些权限设置为无效了,那就不应该再获取哪些无效的权限才对。
if (permissionIds != null && permissionIds.Length > 0)
{
// 要特别注意IsPublic的设置,容易造成失控
result = (entities as List <BaseModuleEntity>).Where(t => (t.IsPublic == 1 && t.Enabled == 1 && t.Deleted == 0) || permissionIds.Contains(t.Id.ToString())).ToList();
}
else
{
result = (entities as List <BaseModuleEntity>).Where(t => t.IsPublic == 1 && t.Enabled == 1 && t.Deleted == 0).ToList();
}
}
}
return(result);
}
/// <summary>
/// 更新模块菜单
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="moduleEntity">实体</param>
/// <param name="statusCode">返回状态码</param>
/// <param name="statusMessage">返回状消息</param>
/// <returns>影响行数</returns>
public int Update(BaseUserInfo userInfo, BaseModuleEntity moduleEntity, out string statusCode, out string statusMessage)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
statusCode = string.Empty;
statusMessage = string.Empty;
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BaseModuleEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "Module";
}
BaseModuleManager moduleManager = new BaseModuleManager(dbHelper, userInfo, tableName);
// 调用方法,并且返回运行结果
returnValue = moduleManager.Update(moduleEntity, out statusCode);
// 获得状态消息
statusMessage = moduleManager.GetStateMessage(statusCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.ModuleService_Update, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
